Saturday, July 08, 2017

Burner laptops for DEF CON

Hacker summer camp (Defcon, Blackhat, BSidesLV) is upon us, so I thought I'd write up some quick notes about bringing a "burner" laptop. Chrome is your best choice in terms of security, but I need Windows/Linux tools, so I got a Windows laptop.

I chose the Asus e200ha for $199 from Amazon with free (and fast) shipping. There are similar notebooks with roughly the same hardware and price from other manufacturers (HP, Dell, etc.), so I'm not sure how this compares against those other ones. However, it fits my needs as a "burner" laptop, namely:
  • cheap
  • lasts 10 hours easily on battery
  • weighs 2.2 pounds (1 kilogram)
  • 11.6 inch and thin
Some other specs are:
  • 4 gigs of RAM
  • 32 gigs of eMMC flash memory
  • quad core 1.44 GHz Intel Atom CPU
  • Windows 10
  • free Microsoft Office 365 for one year
  • good, large keyboard
  • good, large touchpad
  • USB 3.0
  • microSD
  • WiFi ac
  • no fans, completely silent
There are compromises, of course.
  • The Atom CPU is slow, though it's only noticeable when churning through heavy webpages. Adblocking addons or Brave are a necessity. Most things are usably fast, such as using Microsoft Word.
  • Crappy sound and video, though VLC does a fine job playing movies with headphones on the airplane. Using in bright sunlight will be difficult.
  • Micro-HDMI: keep in mind that if you intend to do presos from it, you'll need an HDMI adapter.
  • It has limited storage: 32 gigs in theory, about half that usable.
  • It uses a special Windows 10 compressed install that you can't actually upgrade without a completely new install. It doesn't have the latest Windows 10 Creators Update. I lost a gig thinking I could compress system files.

Copying files across the 802.11ac WiFi to the disk was quite fast, several hundred megabits-per-second. The eMMC isn't as fast as an SSD, but it's a lot faster than typical SD card speeds.

The first thing I did once I got the notebook was to install the free VeraCrypt full disk encryption. The CPU has AES acceleration, so it's fast. There is a problem with the keyboard driver during boot that makes it really hard to enter long passwords -- you have to carefully type one key at a time to prevent extra keystrokes from being entered.

You can't really install Linux on this computer, but you can use virtual machines. I installed VirtualBox and downloaded the Kali VM. I had some problems attaching USB devices to the VM. First of all, VirtualBox requires a separately downloaded extension to get USB working. Second, it conflicts with USBPcap, which I installed for Wireshark.

It comes with one year of free Office 365. Obviously, Microsoft is hoping to hook the user into a longer term commitment, but in practice next year at this time I'd get another burner $200 laptop rather than spend $99 on extending the Office 365 license.

Let's talk about the CPU. It's Intel's "Atom" processor, not their mainstream (Core i3 etc.) processor. Even though it has roughly the same GHz as the processor in an 11-inch MacBook Air and twice the cores, it's noticeably and painfully slower. This is especially noticeable on ad-heavy web pages, while other things seem to work just fine. It has hardware acceleration for most video formats, though I had trouble getting Netflix to work.

The tradeoff for a slow CPU is phenomenal battery life. It seems to last forever on battery. It's really pretty cool.


A Chromebook is likely more secure, but for my needs, this $200 laptop is perfect.


Anonymous said...

Could you share some operational security tips for using such a "burner" laptop? Clearly the point of having such a laptop is to avoid spreading an infection back to your main systems after the cons; but there are also some sticky tradeoffs that could arise when actually using the laptop to do real work, such as:

* How do you transfer work files back from the burner laptop to your main systems after the con? Connecting to your home/work wi-fi or VPN, or using an SD card/USB drive to transfer files, could potentially expose your main systems to attack if we assume the burner laptop was compromised.

* Do you use "burner" online accounts and passwords as well to prevent their credentials from being keylogged by a presumed hack of the laptop at the con? Or are you confident enough in 2 factor auth to protect you from that? And/or do you change all passwords you used on the burner laptop when you're ready to "burn" it?

* How do you intend to dispose of the burner laptop after you're done with it? Reformat the drive? DBAN it and send it out for recycling?

* More generally: what is the specific threat model you have in mind that this burner laptop is intended to protect against? What kind of attacks/malware are you trying to isolate your main systems from? Are you concerned with "advanced" attacks like BIOS/firmware-resident malware, etc.? That's the only reason I can think of to actually buy a purpose-built burner laptop instead of just reformatting one you already have before/after the con. Maybe I'm missing something here?

Thanks in advance - this was a great article and I (surely others as well) am curious to learn more about the operational security considerations this is intended to support.

dre said...

Wow I just got the same laptop and installed the same things. I also have GlassWire Pro installed, for added detective capabilities.

Also, I used and tested with Wireshark, so I did not install the third-party pcaps that ship with Wireshark. Thus, I didn't run into the VirtualBox conflicts you did.

I like it because I can test out the various attacks from both Windows 10 and from Kali in a single $200 laptop -- so it's a different type of burner for me (and I'm not going to BlackHat US or DEF CON). I take my iPad Mini LTE with Algo to DO and Authentic8 Silo when in hostile environments. I have a Clamcase for the iPad Mini and it's not too expensive for a more permanent solution.

tychotithonus (Royce Williams) said...

Rob - with your VeraCrypt setup, did you try the Secure Boot integration?

William Warren said...

I would actually go for a Chromebook, not for security directly (it isn't Windows), but unless you are using some Microsoft-specific macros you can do everything in Google Docs. Battery life is even better than Windows 10 and you do not have to throw the device away and buy a new one every year.

Unknown said...

Thank you so much for sharing this nice article.
I really like reading your blog!


Gsiwn3e49 said...

A few years back I took a similar route, with a Lenovo ultra-portable. Same limitations wrt the CPU, but it works well enough.

I got around the storage limit by permanently putting a microSD card in the onboard reader. Using some trickery I managed to boot Kali from the uSD, while leaving Windows 7 intact on the internal MMC.